Before you can use cloud resources in a virtual private cloud (VPC), you must create a VPC and a vSwitch. You can create multiple vSwitches to create multiple subnets for a VPC. By default, the subnets in a VPC can communicate with each other.
VPCs and vSwitches
A VPC is a private network deployed on Alibaba Cloud.

CIDR blocks and IP addresses
VPCs support both IPv4 and IPv6. By default, VPCs use IPv4. You can enable IPv6 based on your business requirements. For more information, see Enable IPv6 for a VPC and Enable an IPv6 CIDR block for a VPC network.
VPCs support the dual-stack mode. In dual-stack mode, resources in a VPC can communicate through both IPv4 and IPv6 addresses. IPv4 and IPv6 addresses are independent of each other. Therefore, you must configure routes and security groups for both IPv4 and IPv6 addresses.
Item | IPv4 VPC | IPv6 VPC |
---|---|---|
IP address format | An IPv4 address is 32 bits in length and contains four groups. Each group consists of at most three decimal digits. | An IPv6 address is 128 bits in length and contains eight groups. Each group consists of four hexadecimal digits. |
Feature status | By default, IPv4 is enabled for all VPCs. | You can manually enable IPv6. |
VPC CIDR block size | The subnet mask of a VPC CIDR block can range from /8 to /28 .
|
The subnet mask of a VPC CIDR block is /56 .
|
vSwitch CIDR block size | The subnet mask of a vSwitch CIDR block can range from /16 to /29 .
|
The subnet mask of a vSwitch CIDR block is /64 .
|
Whether you can specify a CIDR block | You can specify an IPv4 CIDR block. | You cannot specify an IPv6 CIDR block. The system automatically assigns an IPv6 CIDR block to your VPC from the IPv6 address pool. |
Supported instance families | Supported by all instance families. | Not supported by specific instance families.
For more information, see Instance families. |
Whether ClassicLink connections are supported | ClassicLink connections are supported. | ClassicLink connections are not supported. |
Whether elastic IP addresses (EIPs) are supported | IPv4 EIPs are supported. | IPv6 EIPs are not supported. |
Whether gateways are supported | VPN gateways and NAT gateways are supported. | VPN gateways and NAT gateways are not supported. |
- If you want to connect a VPC to another VPC, you can create VPC peering connections or use Cloud Enterprise Network (CEN) or VPN gateways.
- If you want to connect a VPC to a data center, you can purchase VPN gateways, Express Connect circuits, or Smart Access Gateway (SAG) devices.
- Through IPv4 addresses
You can configure NAT gateways or associate EIPs with Elastic Compute Service (ECS) instances in a VPC. This way, the ECS instances can communicate with the Internet through IPv4 addresses.
For more information, see Associate an EIP with an ECS instance and Use the SNAT feature of an Internet NAT gateway to access the Internet.
- Through IPv6 addresses
To enable cloud resources in a VPC to communicate with the Internet through IPv6 addresses, you must purchase an IPv6 Internet bandwidth plan. You can configure egress-only rules for IPv6 addresses. This allows cloud resources in the VPC to access the Internet through IPv6 addresses. However IPv6 clients cannot access the cloud resources over the Internet.
For more information, see Enable and manage IPv6 Internet bandwidth and Create and manage an egress-only rule.
Routes


If multiple route entries match the destination IP address, the route entry with the longest subnet mask prevails and is used to determine the next hop. This ensures that the traffic is routed to the most precise destination. You can also add a custom route entry to route traffic to a specified destination. For more information, see Add and delete routes.